From: Kristian Gjøsteen on
Rainer Urian <rainer(a)urian.eu> wrote:
>and the "letters to the editor" of the poor victims .....
>www.ams.org/notices/200711/tx071101454p.pdf
>
>this is real high-quality fun ....

Fun at first. Then a bit sad.

I think Koblitz and Menezes are over-doing the rhetoric a bit, but they
clearly have a point. It is obviously a mistake to argue about their
rhetoric instead of their point. This part of the debate is a bit sad.

Ivan Damgaard has written a very nice, reasoned essay about the point,
explaining why even non-sharp reductions are useful and why there are
_real_ problems with "naive" proofs in the random oracle model (it is
possible to make colossal blunders with a technically correct proof).

From my own personal experience, I find that writing security proofs
(i.e. proving properties about protocols) is a valuable tool for finding
attacks. Whenever I can't complete a proof, the obstacle to the proof
quite often turns into an attack.

--
Kristian Gjøsteen